General
-
Target
a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6.exe
-
Size
736KB
-
Sample
210115-9kdjh3767n
-
MD5
5dc485bd9ea63279d7da0c0ac65775c9
-
SHA1
f89527ee988e0f7cbfd872e4326052d5ea778054
-
SHA256
a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6
-
SHA512
b0c32d678bd8f7fb790d406d886a1f670cac7f9a10e0912f3ecb503dbfba5c5f0cfa0026da31d383acec0e156d53af0d777debc0594919604fe6de1898b4835d
Static task
static1
Behavioral task
behavioral1
Sample
a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6.exe
Resource
win7v20201028
Malware Config
Extracted
lokibot
http://lmpulsefashion.net/chief/kev/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6.exe
-
Suspicious use of SetThreadContext
-